Security Tools

ZenVeil helps developers find, understand, and fix security issues without the complexity of traditional security tools. Scan GitHub repositories, local codebases, and APIs for secrets, supply chain risks, and common security issues. Generate AI-powered explanations, remediation guidance, prioritize findings with AI triage, and create pull requests with fixes. Available through both a web dashboard and CLI.

Keep up with your agents. Spotlight reads your Claude Code and Codex sessions and shows you what your agents actually did, and how to get recursively better every session: what to fix now, what to ship better next time, what's worth sharing. One harness or seven, solo or across your team. Free.

Most Mac security tools need agents, signups, or MDM. fort doesn't. One command checks 15+ security settings: FileVault, SIP, firewall, screen lock, local admin rights, Gatekeeper, SSH, AirDrop and more. Reports a score and fixes most issues automatically. Single binary. No telemetry. MIT licensed. Perfect for developers hardening their own Mac, and for teams preparing for SOC 2 or ISO 27001 without the MDM overhead. brew install djadmin/tap/fort

DotBGE encrypts files on-device with no accounts and no servers. Use the iPhone/iPad app to encrypt, decrypt, preview, and sharebge files; use the bge CLI on macOS/Linux for scripts and terminal workflows; or let Claude Code, ChatGPT, and other shell-running agents handlebge files through the bundled skill. Built on the openbge format with identity-based RSA encryption and password mode.

Astra Autonomous Pentesting makes self-healing software the new standard, a category we’re defining after 8 years and 5,000+ real-world pentests. An army of offensive pentesters and bounty hunter agents that discovers complex chained vulnerabilities, an independent validator layer drives false positives to near-zero, and AI-fix agents deliver remediation as native Cursor, Copilot, and Claude Code prompts. The reactive pentest era is over.

A native macOS network monitor. Combines Bonjour, ARP, SSDP, NetBIOS and active probing to show every connected device — Apple gadgets, smart TVs, IoT, printers — in one live window. Full per-device history: first seen, last seen, every online/offline transition. Five alert types for new, risky, or returning devices. One-click security scan checks common ports with plain-English findings. Built 100% in SwiftUI. No cloud, no account, no telemetry. Your data stays on your Mac. Free.

FinderLock is a native macOS app that lets you lock any file or folder in Finder with Touch ID or a password. AES-256 encryption — the same standard used by banks. Unlike FileVault (full-disk only), FinderLock protects individual files with one click. Double-click to unlock, auto-lock when idle, and lock icon badges right in Finder. Everything stays on your Mac. No accounts, no cloud, no telemetry. Free plan included. One-time purchase — no subscription.

AGG Labs SSO is a streamlined, fully-featured OIDC Identity Provider designed for developers who want complete control over their authentication layer. Forget bloated enterprise solutions. We provide seamless integration for your applications, featuring silent SSO, strict PKCE flows, granular active session management, device tracking, and an intuitive developer portal. Standardize your access control and build a unified ecosystem with an auth system that respects your architecture.

Hiro gets your security work done. It reads findings from Aikido and Wiz, pulls open tasks from Drata, and scans Supabase, Vercel, Github, and more then ships the fixes. Not a dashboard of homework. The homework, done.

Whisper Internet Infrastructure AI Context is an MCP server that plugs into Claude or Cursor in 2 minutes and gives your agent real-time BGP, DNS, WHOIS and threat-graph context. 46B data points, sub-ms queries, free tier. Founded by ex-RIPE NCC and ICANN engineers.

DeepFrame — a luxury security studio running authorized deep pentests for fast-moving web apps. Depth, clarity, retest.

Suprbox is a policy-gated vault for the data your AI agents read. Instead of handing an agent your Drive or S3 key, you give it a scoped Suprbox key every read is checked against rules you set (sensitivity, time-of-day, rate limits, human approval) and signed into an immutable audit log. Unlike prompt guardrails, Suprbox protects the data itself, so even a jailbroken or misconfigured agent can't exfiltrate what your policy denies. Built for teams running real agents on sensitive documents.

Vercel is open sourcing deepsec, an AI security harness that runs on your infrastructure, with your keys, against your code.

One platform to discover, assess, and protect all AI usage across your organization. FireTail gives you complete coverage across every employee, browser, device, application, and agent. Get the visibility, security and control you need to enable AI innovation at scale. Blackhat USA & Asia 2025 Startup Spotlight Top 4; TechCrunch Disrupt 2024 Startup Battlefield 200; SOC 2 Type 2

We are full force into cloud-based AI security scanners. Foil does it on your Mac, locally. Your code never leaves. It doesn't just alert: it explains why, validates the finding, and rewrites the code and does it 100% local, no API, no telemetry, no training the next model with your own code. It's edge AI built for developers, consultant or pentesters after a whitebox test, who can't (or won't) share the code.

Skill Inspector helps you analyze and understand the capabilities, risks, and behaviors of AI skills before they reach production. It inspects how skills are defined, what tools and permissions they rely on, and how they behave across different scenarios. Whether you're building copilots or AI-powered apps, Skill Inspector gives you the visibility and confidence to ship AI safely. Identify risky patterns, validate skill behavior, and ensure your AI does exactly what you expect - no surprises.

MindFort is the fastest way to deploy security agents. We secure your stack via autonomous agents that learn as they hack. We validate each vulnerability and give you native ways to patch. Built by a team with 15+ years of Cybersecurity experience. YC X25. Used by top startups + public companies.

Your SCA checks for CVEs. It doesn't check whether anyone is still maintaining the software. That's a different question, and until now, no tool answered it well. We track lifecycle status across 12M+ package versions using official EOL declarations and ML-based detection of maintainer abandonment. Upload a package.json, pom.xml, requirements.txt, or any SBOM and see exactly what's still maintained and what isn't. Direct and transitive deps. Every major ecosystem. Free of charge.

Hacktron collaborates in your workflow, identifies real vulnerabilities, and empowers developers like a senior security engineer. We combine deep code-level security review with automated pentesting to help teams find real issues faster, cut through low-signal findings, and give developers remediation information they can actually act on. Built by elite hackers who've spent careers exploiting the most complex and high-value targets, we operate by one principle: PoC || GTFO.

Cerberus is the world's first safe AI hacker. You can hack your entire app in plain English with a prompt "find vulnerabilities and exploit them in example.com". We also built the world's first AI hacker that's mathematically safe to run on production. It uses a new programming language where every hacking action must come with a mathematical proof that you authorized it — no proof, no action. Point it at your app, come back in 3-4 hours with a full security report.

The new Strix platform gives devs continuous security in one place: continuously pentest your apps, block vulnerable PRs before merge, generate merge-ready fixes, and track security posture over time.